Update dependency org.jacoco:jacoco-maven-plugin to v0.8.15

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
org.jacoco:jacoco-maven-plugin (source)	0.8.14 → 0.8.15

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

jacoco/jacoco (org.jacoco:jacoco-maven-plugin)

v0.8.15: 0.8.15

Compare Source

New Features

• JaCoCo now officially supports Java 26 (GitHub #​2076).
• Experimental support for Java 27 class files (GitHub #​2004).
• Compatibility methods generated by Kotlin compiler for functions defined in interfaces are filtered out during generation of report (GitHub #​1905).
• Compatibility methods generated by Kotlin compiler for exposed boxed inline value classes (JvmExposeBoxed annotation) are filtered out during generation of report (GitHub #​1944).
• Methods generated by the Kotlin compiler for functions with JvmStatic annotation are filtered out during generation of report (GitHub #​2097).
• Improved filtering of bytecode generated by Kotlin compiler for when expressions and statements with kotlin.String subject where first branch condition contains string with largest hash (GitHub #​2098).
• Part of bytecode that javac versions from 24 to 26 generate for switch statements and expressions with selector expression of type java.lang.String inside lambdas is filtered out during generation of report (GitHub #​2023).
• Improved performance of Kotlin files analysis by parsing SMAPs only once per class (GitHub #​2114).
• For better performance agent output methods tcpclient and tcpserver use BufferedOutputStream to write execution data to socket. Maven plugin, Ant tasks, CLI, API usage examples, and ExecDumpClient API use BufferedInputStream to read execution data from socket. Third-party integrations should do the same to benefit from this change in agent (GitHub #​2089).

Fixed bugs

• Fixed processing of Kotlin SMAP in synthetic classes (GitHub #​1985).
• Multiple JaCoCo runtimes within one JVM writing to the same output file should not cause data corruption when running on JDK versions from 6 to 10 affected by JDK-8166253 (GitHub #​2065, #​2074).
• For better performance agent writes to output file via BufferedOutputStream, this fixes regression introduced in version 0.6.2 (GitHub #​2073).
• Fixed NullPointerException when JaCoCo agent is loaded by non system class loader, for example when loaded by JBoss Modules (GitHub #​1651).

Non-functional Changes

• JaCoCo now depends on ASM 9.10.1 (GitHub #​2134).

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[github-actions]

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output

.jar
			|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- json-patch-1.9.jar
		|-- jackson-coreutils-1.6.jar
			|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
	|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
|-- mapdb-3.1.0.jar
	|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
	|-- lz4-1.3.0.jar [1 CRITICAL, 1 HIGH]
pnc-3.5.0-SNAPSHOT.jar
|-- auth-3.5.0-SNAPSHOT.jar
	|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- keycloak-installed-adapter-25.0.3.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- undertow-core-2.2.24.Final.jar [1 CRITICAL, 11 HIGH, 3 MEDIUM]
			|-- xnio-api-3.8.7.Final.jar [2 HIGH]
			|-- xnio-nio-3.8.7.Final.jar
				|-- xnio-api-3.8.7.Final.jar [2 HIGH]
		|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
		|-- keycloak-adapter-core-25.0.3.jar [1 MEDIUM]
			|-- jackson-core-2.19.2.jar [1 HIGH]
			|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
			|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
			|-- keycloak-crypto-default-25.0.3.jar
				|-- bcpkix-jdk18on-1.74.jar [2 MEDIUM]
					|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
					|-- bcutil-jdk18on-1.74.jar
						|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
				|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
				|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
				|-- keycloak-server-spi-private-25.0.3.jar [1 HIGH, 4 MEDIUM, 1 LOW]
					|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
				|-- keycloak-server-spi-25.0.3.jar
					|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
		|-- keycloak-adapter-spi-25.0.3.jar
			|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
		|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
			|-- jackson-core-2.19.2.jar [1 HIGH]
			|-- keycloak-common-25.0.3.jar [2 MEDIUM]
|-- common-3.5.0-SNAPSHOT.jar
	|-- pom-manipulation-common-lite-5.3.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
|-- config-3.5.0-SNAPSHOT.jar
	|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- jackson-dataformat-yaml-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
|-- opentelemetry-ext-cli-java-2.0.0.jar
	|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-exporter-otlp-1.51.0.jar
		|-- opentelemetry-exporter-otlp-common-1.51.0.jar
			|-- opentelemetry-exporter-common-1.51.0.jar
				|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-logs-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-trace-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-sdk-1.51.0.jar
		|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-common-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-metrics-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-semconv-1.29.0-alpha.jar
		|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
|-- pnc-api-3.5.0.jar
	|-- jackson-databind-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
|-- rest-client-3.5.0.jar
	|-- jackson-datatype-jdk8-2.12.6.redhat-00001.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- jackson-datatype-jsr310-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- vertx-core-3.9.14.jar [1 MEDIUM]
		|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- netty-buffer-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-codec-http2-4.1.84.Final.jar [4 HIGH, 4 MEDIUM]
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 10 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [3 HIGH, 1 MEDIUM]
		|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 10 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [3 HIGH, 1 MEDIUM]
		|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-handler-proxy-4.1.84.Final.jar [1 MEDIUM]
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 10 MEDIUM]
			|-- netty-codec-socks-4.1.84.Final.jar
				|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [3 HIGH, 1 MEDIUM]
		|-- netty-handler-4.1.84.Final.jar [3 HIGH, 1 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-transport-native-unix-common-4.1.84.Final.jar
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-resolver-dns-4.1.84.Final.jar [2 HIGH, 1 MEDIUM]
			|-- netty-codec-dns-4.1.84.Final.jar [1 HIGH]
				|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [3 HIGH, 1 MEDIUM]
		|-- netty-resolver-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-transport-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
	|-- common-3.5.0.jar
		|-- opentelemetry-instrumentation-annotations-2.24.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- dto-3.5.0-patch-builders.jar
		|-- jsoup-1.22.2.jar
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 10 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [3 HIGH, 1 MEDIUM]
	|-- rest-api-3.5.0-java-client.jar
		|-- undertow-core-2.2.24.Final.jar [1 CRITICAL, 11 HIGH, 3 MEDIUM]


No Policy violations were detected

Project 'bacon' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=f85d9f1a-b4b0-47cd-8126-d6bf70df9ffc
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=6d0c058f67e84d0886f851d7173c47c7ca091a6fdb1242cdbb51128e57035c41

Mend AI scan succeeded.

Support Token: 3a5abdf43247f4801b716ba043e8401e71781546149728

SAST scan output

warning: 'KeycloakClientException' method could be abused to reveal sensitive internal information. (pig/src/main/java/org/jboss/pnc/bacon/pig/impl/addons/camel/TreeParser.java:246)
warning: 'sha1' method of 'hashlib' uses a non-recommended hash algorithm. (bacon_install.py:188)

Full logs and artifacts